RISKS
What happened
Securonix, a security analytics platform vendor, uncovered a new cybersecurity threat that leverages the famous deep field image taken by NASA’s James Webb telescope, together with obfuscated payloads written in the Golang programming language, to infect the target system with malware.
MSN reported that “The attack called ‘GO#WEBBFUSCATOR’ reportedly starts with a phishing email containing a Microsoft Office attachment. If a receiver opens the attachment, a URL within the document’s metadata downloads a file with a script, which runs if certain Word macros are enabled.”
The malicious Base64-encoded code is disguised as a certificate inside the JPG image and, as reported by multiple news outlets and Securonix, is currently undetectable by antivirus programs.
PCMag reported that “Securonix analyzed the malware program and found it’ll try to maintain persistence on a Windows computer by implanting a binary program ‘into the Windows registry Run key.’ This will force the computer to launch the malware every time the system boots up. The malware is also designed to receive orders and communicate with the hacker’s command and control server. Hence, the attack can pave the way for a cybercriminal to spy on or remotely take over an infected system.”
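The detail above that the payload is Base64 text disguised as a certificate inside the JPG suggests a simple triage check defenders can run on suspicious images. The following is an added example, not code from the HALOCK briefing or the Securonix report; it assumes the disguised block is appended after the JPEG end-of-image marker in PEM `CERTIFICATE` form, and the sample images are constructed.

```python
"""Triage a JPEG for a Base64 'certificate' smuggled after the image data.

Added example (not from the briefing or Securonix). Assumption: the fake
certificate sits in the trailer after the JPEG end-of-image marker.
"""
import base64
import re

JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def trailing_data(image: bytes) -> bytes:
    """Return whatever follows the last JPEG end-of-image marker."""
    if not image.startswith(JPEG_SOI):
        raise ValueError("not a JPEG")
    end = image.rfind(JPEG_EOI)
    if end == -1:
        raise ValueError("no end-of-image marker")
    return image[end + len(JPEG_EOI):]


def suspicious_pem_blocks(image: bytes) -> list:
    """Flag PEM CERTIFICATE blocks in the trailer that are not real certs.

    A genuine X.509 certificate decodes to a DER ASN.1 SEQUENCE (first byte
    0x30); anything else under a CERTIFICATE header is a smuggled payload.
    """
    findings = []
    for m in PEM_RE.finditer(trailing_data(image)):
        body = re.sub(rb"\s+", b"", m.group(1))
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append(("invalid-base64", len(body)))
            continue
        if not der.startswith(b"\x30"):
            findings.append(("not-der-certificate", der[:2].hex(), len(der)))
    return findings


def pem(blob: bytes) -> bytes:
    """Wrap bytes in a PEM CERTIFICATE envelope (for the constructed samples)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(blob)
            + b"-----END CERTIFICATE-----\n")


# Constructed samples: a minimal JPEG shell, then the same shell with a
# DER-looking block, a non-certificate blob, and malformed Base64 appended.
MINIMAL_JPEG = JPEG_SOI + b"\xff\xe0\x00\x02" + JPEG_EOI
CLEAN = MINIMAL_JPEG
REAL_CERT = MINIMAL_JPEG + pem(b"\x30\x82\x01\x00" + b"\x00" * 8)
SMUGGLED = MINIMAL_JPEG + pem(b"not-a-certificate" * 4)
BROKEN = MINIMAL_JPEG + b"-----BEGIN CERTIFICATE-----\n@@@@\n-----END CERTIFICATE-----\n"
```

Run `suspicious_pem_blocks(open(path, "rb").read())` on a quarantined image; an empty list means no disguised block was found in the trailer, not that the file is clean.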
What’s interesting is that the campaign is written in Google’s relatively new open-source programming language, Golang, which was unveiled in 2009. As it grows in popularity among developers for its cross-platform functionality, it is unfortunately gaining traction with malware developers as well, in this case to install malware that could later be used to take over the computer.
Why is this important?
You can’t rely on antivirus programs alone to detect malware that could be installed on your computer; they won’t catch every instance of malware that arrives via email attachments.
What does this mean to me?
It’s important that your team is trained on, and made aware of, the potential consequences of opening email attachments that could contain malware. This means not only training, but also testing your employees to ensure they won’t open the wrong attachment, before they actually do.
APPROACHES
Helpful Controls
- Application Security Architecture Review
- Endpoint Detection and Response (EDR)
Commonality of attack
High
Article on story
HALOCK Security Briefing Archives: Updates on cybersecurity trends, threats, legislation, reasonable security, duty of care, key acts and laws, and more that impact your risk management program.